Unreal3.2.10 Release Notes =========================== ==[ GENERAL INFORMATION ]== - If you are upgrading on *NIX, then make sure you run 'make clean' and './Config' first, before running 'make'. - The official UnrealIRCd documentation is doc/unreal32docs.html online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html FAQ: http://www.vulnscan.org/UnrealIRCd/faq/ Read them before asking for help. - Report bugs at http://bugs.unrealircd.org/ - The purpose of the sections below (NEW, CHANGED, MINOR, etc) is to be a SUMMARY of the changes in this release. There have been 79 changes in total, for the full list of changes see the Changelog. ==[ NEW ]== - Improved socket engine. This brings some performance improvements and also makes it easier to configure a system to hold more than 1024 clients (no more editing of header files on Linux!). - ESVID support: services can communicate the account name of the user back to the IRCd. This only works on ESVID-capable services: - Extban ~a:: matches users who are logged in to services with that account name. - Show account name in /WHOIS - CAP support: this enables clients to enable certain features more easily. Can be disabled through set::options::disable-cap. - Now that STARTTLS is advertised in CAP it is likely to be used more often. - away-notify: informs clients of AWAY state changes of users on the same channels, for clients that support this. - account-notify: similar to away-notify, inform clients of changes in the login status and account name used by other clients on the same channels. - SASL support. To use this, and if your services support this, you point set::sasl-server to your services server. - Server-side MLOCK support: the IRCd will prevent channel mode changes depending on the MLOCK setting in services. Requires special support from services for this feature. - User Mode +I (IRCOp only): hide idle time - auth-method 'sslclientcertfp': authenticate users using an SSL client certificate by the SHA256 fingerprint of that certificate. The documentation has a new section (3.19) called 'Authentication Types' which contains an (improved) example of how to use SSL client certificate authentication instead of regular passwords. - oper::require-modes: an optional setting, which can be used to require users to have certain user modes (such as 'z') before they can /OPER up. - allow/deny channel: you can now optionally specify a class here as an extra filter. - doc/example.es.conf: Spanish translation of example configuration file. - There have also been some behavior changes, which can be considered NEW, see next section (CHANGED). ==[ CHANGED ]== - Anti-spoof protection (ping cookies) can now be enabled/disabled at run-time through set::ping-cookie [yes|no]. The default is 'yes' (enabled). - A quit with 'Ping timeout' now shows the number of seconds since the ping. - Print out a warning if we can't write to a log file. - Refuse to boot if we can't write to ANY log file. - Windows: if an SSL certificate exists, then uncheck the 'generate SSL certificate' checkbox by default. - *NIX with SSL: We now ask in ./Config if you want to generate an SSL certificate. The certificate is then copied when you run 'make install'. ==[ MAJOR BUGS FIXED ]== - Windows SSL crash (this issue was already fixed in 3.2.9-SSL-fix) - Other than that, none? ==[ MINOR BUGS FIXED ]== - Various compile problems, in particular with remote includes enabled. - Windows: the installer sometimes insisted that the Visual C++ 2008 redistributable package was not installed, when it actually was there. - Windows: MOTD file date/time was always showing up as 1/1/1970. - And more... see Changelog ==[ REMOVED / DROPPED ]== - Windows 9X is no longer supported - The networks/ directory has been removed ==[ KNOWN ISSUES ]== - Regexes: Be careful with backreferences (\1, etc), certain regexes can slow the IRCd down considerably and even bring it to a near-halt. In the spamfilter user target it's usually safe though. Slow spamfilter detection can help prevent the slowdown/freeze, but might not work in worst-case scenario's. - Regexes: Possessive quantifiers such as, for example, "++" (not to be confused with "+") are not safe to use, they can easily freeze the IRCd. ==[ FULL CHANGELOG ]== Below is the full Changelog since previous release: [2011-11-09] Nathan Phillip Brink (a673dd0f7b37): - Automatically regenerate Makefile if ./config.status --recheck was run. [2011-11-09] Nathan Phillip Brink (110ba58ecd56): - Fix compilation issue when disabling stacked extbans. https://bugs.gentoo.org/389949 [2011-11-10] Nathan Phillip Brink (3448e5a11d9e): - Attempt to make Makefile rules more parallelism friendly. [2011-11-12] Nathan Phillip Brink (7a2d78f4b9f5): - Fix compilation issues with bundled tre and ./curlinstall-ed curl caused by over-generic regexes. Reported by warg. [2011-11-14] Nathan Phillip Brink (6391a72d69f1): - Fix version string in configure.ac. [2011-12-20] Nathan Phillip Brink (28edb1b2ffa3): - Include CMDS=STARTTLS in ISUPPORT/numeric 005 to let clients discover STARTTLS support through VERSION, before or after registration (#4064). [2011-12-25] Bram Matthys (6aa52251204d): - Added patch from nenotopia to use more modern LUSERS numerics (#3967). [2011-12-25] Bram Matthys (7eb7dac8c6c2): - Fix small error in oper block documentation, reported by Stealth (#2318). [2011-12-25] Bram Matthys (2ac124b6017f): - Config parser failed to check for invalid set::ssl options, reported and patch by fbi (#4035). [2011-12-25] Bram Matthys (828bc1252f57): - Tweak: send actual channel name and not user supplied channel in KICK, reported and patch by Stealth (#3298). [2011-12-25] Bram Matthys (1fa178948bcb): - Services coders: Added support for ESVID. Instead of a number you can now store a string (of max NICKLEN size) as service stamp. See protoctl.txt and serverprotocol.html in doc/technical for more information. Patch from nenotopia (#3966). [2011-12-25] Bram Matthys (87475a4dc87a): - Show account name in /WHOIS, for ESVID-capable services packages, patch from nenotopia (#3966). [2011-12-25] Bram Matthys (28cb99e59cc5): - Added extended ban ~a: which matches users who are logged in to services with that account name. This works only on services that support ESVID. Patch from nenotopia (#3966). [2011-12-25] Bram Matthys (1fce7db4afc5): - Updated extended ban documentation in help.conf and unreal32docs: new bantype ~a, and some text about extended bans & invex (+I). [2011-12-25] Bram Matthys (103f3fa3235c): - compile fix for just-checked-in patches. [2011-12-25] Bram Matthys (e6a2c2129590): - extban ~a = also allowed for invex [2011-12-25] Bram Matthys (46f02ee7e5f3): - Throw up an error if a password in the configuration file is too long (max 48 characters), reported by JasonTik, based on patch from WolfSage (#3223). [2011-12-26] Nathan Phillip Brink (4d9121e62893): - Enforce matching of unrealircd version and PACKAGE_VERSION macros (#4014). Now the UNREAL_VERSION_GENERATION, UNREAL_VERSION_MAJOR, UNREAL_VERSION_MINOR, and UNREAL_VERSION_SUFFIX macros are autogenerated from PACKAGE_VERSION. [2011-12-28] Bram Matthys (4c91b9931dc3): - Make default service stamp 0 (zero) again, instead of '*' which was introduced by ESVID changes a few days ago. This makes anope happy, and also means nothing will change in a non-ESVID scenario. [2011-12-28] Bram Matthys (fef02a44abe7): - heh ;) [2012-01-02] Nathan Phillip Brink (79158ef9417c): - Fix misuse of stdarg.h macros when calling vsyslog() (#4065 by Jimini). [2012-01-02] Bram Matthys (6518968ca480): - Ditch vsyslog() as it's only a waste of CPU, inspired by #4065. [2012-01-03] Nathan Phillip Brink (baf498e5e970): - Run ./autogen.sh per 6518968ca480. [2012-01-20] Bram Matthys (39c2196a29d7): - Add CAP support. Currently implemented are: multi-prefix (NAMESX), and userhost-in-names (UHNAMES). Patch from nenotopia (#4018, #4066) [2012-01-22] Bram Matthys (c50f12f4f3e1): - Fix issue with CAP & NOSPOOF. Patch from nenolod (#4077). [2012-01-22] Bram Matthys (7c93a1efea50): - Advertise 'tls' (STARTTLS) capability in CAP. Patch from nenolod (#4081). [2012-01-22] Bram Matthys (1a0842b10cd0): - New user mode +I (IRCOp only) which hides idle times to other users, suggested and patch supplied by Nath & binki (#3953). [2012-01-22] Bram Matthys (58c35ea52a1f): - Added remove_oper_modes(), which works just like remove_oper_snomasks(), and ensures that the user does not have any ircop-only user modes after de-opering. This (only) fixes the just added +I umode case, but could also prevent future bugs. [2012-01-22] Bram Matthys (d66fa5f585df): - Get rid of networks/ directory, and all references to it. Suggested by katsklaw and others (#4056). [2012-02-08] Bram Matthys (7a9c8ef652c1): - Donators [2012-02-08] Bram Matthys (8f06f534bdf2): - Added doc/example.es.conf, translated by Severus_Snape. [2012-02-26] Bram Matthys (3d09d7c54790): - Make the accept code check if the fd is within bounds instead of relying on OpenFiles to be correct. This fixes a crash when f.e. 3rd party modules have files open but don't increase OpenFiles. Might also fix a curl crash, though nobody ever reported one. [2012-02-26] Bram Matthys (475ef9dc97a0): - Moved nospoof to config file, suggested by and patch from nenolod (#4078). This means ping cookies are now controlled by set::ping-cookie [yes|no]. The default is 'yes' (enabled). [2012-02-26] Bram Matthys (f4767d3fcba4): - Even when 'M' was listed in set::oper-only-stats you could still do a '/STATS m'. Unlike other stats characters, case insensitivity was not checked for this one. Reported by and patch from Apocalypse (#4086). [2012-02-26] Bram Matthys (869790963c0f): - Added patch from Adam for poll() support (#1245). [2012-02-26] Bram Matthys (eb03f48654b8): - regarding poll patch: * move all (re-)initalization to reset_pollfd(), i'm much more comfortable with that as it aids debugging a lot. * add parenthesis. update my own fd check code for poll support [2012-02-26] Bram Matthys (413d6273818c): - Some more changes and fixes regarding poll patch: * use get_client_by_pollfd() function instead of pollfd_to_client[] directly, so we can easily find and debug any mistakes. * add some commenting * add extra debugging and core dumping if fd or slot values are out of bounds * fix race condition in read_authports() where send_authports() 2 lines up could have closed the socket, resulting in a read from fd -1. NOTE: I've updated the select (non-poll) code as well, should be harmless. [2012-02-26] Bram Matthys (699cb7949b7a): - make c-ares use 100% poll. and make sure we never deal with negative fds. [2012-02-26] Bram Matthys (f1f6c992c228): - changelog entry for all previous commits: - UnrealIRCd now supports poll() instead of select(). There are some minor speed benefits if you have more than 1K or 2K clients, however the main noticeable difference is that on Linux you can now easily enter a higher maximum connection count than 1024 in ./Config, without having to edit system header files. Of course, you still need to be allowed to use the # of sockets (type 'ulimit -n' on the shell). Support for this is experimental at this stage, but enabled by default so it can receive all the testing it deserves. If all goes well, it will be the default for 3.2.10. Stress testing is very much welcomed! [2012-02-26] Bram Matthys (a41fdf31a5da): - last change to poll patch for the day.. fixing my own fix ;) [2012-02-27] Bram Matthys (3926b20bf420): - Speed optimization: First, moved a large part of vsendto_prefix_one into vmakebuf_local_withprefix. Then use this new function - which creates the buffer-to-be-sent - at the top of functions like sendto_channel_butserv and sendto_common_channels and send the prepared buffer in the loop that comes after it. This means we only prepare the buffer once and then send it many times, rather than both building and sending it XYZ times. Benchmarking connect-join-quit of 10k clients: 100 users per channel: no noticeable speed improvement 1000 users per channel: 18% faster 10000 users in one channel: 50% faster As you can see, unfortunately, for a typical irc network there isn't much speed improvement. However, if you have a couple of 500+ user channels or get attacked by clones then you may see some improvement in speed and/or lower CPU usage. [2012-03-01] Nathan Phillip Brink (0381648f5616): - Minor documentation typos, thanks warg (#4094). [2012-03-01] Nathan Phillip Brink (ff9c3863f074): - Minor documentation typos, thanks warg (#4094). [2012-03-01] Nathan Phillip Brink (09b3de19c203): - merge [2012-03-06] Nathan Phillip Brink (b60e98d7b61e): - Call m_cap_Init() when m_cap is loaded through commands.so. Reported by nenolod. [2012-03-23] Bram Matthys (954bd24668fa): - Fix for speed optimization a few lines up, was accidentally using ident username (which might have been 'unknown') instead of effective username. [2012-03-25] Bram Matthys (db9bd1f1d7f2): - Added support for SASL, patch from nenolod (#4079). [2012-03-25] Bram Matthys (08d166a75cd0): - Some really minor SASL tweaks [2012-03-25] Bram Matthys (c2adaa2861ec): - Fix crash in AUTHENTICATE (SASL commit from an hour or so ago). [2012-03-25] Bram Matthys (1f34825404a1): - Tweak SASL code to conform to current coding style. [2012-03-25] Bram Matthys (f07846413bb2): - Some more SASL fixes [2012-03-26] Bram Matthys (ebb36eee0aa6): - Some more SASL fixes, and more... [2012-03-26] Bram Matthys (4445301fdd62): - Split up PROTOCTL line, since with the addition of ESVID we exceeded MAXPARA when using ZIP links. This caused an odd charset warning upon link. [2012-03-26] Bram Matthys (13d4a17d08e2): - Poll I/O engine: get_client_by_pollfd() may return -1 when there's a race condition. Don't abort, instead just skip those clients. This fixes a crash I had on /SQUIT. [2012-03-30] Bram Matthys (00e9422c700d): - Fix win32 installer: apparently it sometimes complained about not having - the Visual C++ 2008 redistributable package installed when this was not true. [2012-03-29] William Pitcock (c6acccaf5d1a): - Fix Windows build. [2012-04-05] Bram Matthys (2e767168cd58): - Win32 compile fix (nenolod) [2012-04-05] Bram Matthys (62de808a64c3): - Print out a warning when we can't write to a log file. When booting this goes to the boot screen. When we are already booted it's sent to all IRCOps with a limit of max. 1 message per 5 minutes. - Refuse to boot when we can't write to any log file. [2012-04-09] Bram Matthys (5bb0fb828a9a): - Remove old no-stealth configuration directive from documentation, reported by katsklaw, patch from warg (#4036). [2012-04-09] Bram Matthys (10830f9bd8ed): - Added 'away-notify' client capability, which informs the client of any AWAY state changes of users on the same channel. Patch from nenolod (#4097). [2012-04-09] William Pitcock (5567e115818e): - Add support for account-notify client capability (#4098). This capability can be used to request passive notifications for accountname changes. [2012-04-09] William Pitcock (940c09f39f76): - If set::options::dont-resolve is enabled, then use only the IP information from a WEBIRC message, reported by Ismat (#4103). [2012-04-28] Bram Matthys (402025294e53): - Update donators [2012-05-01] Bram Matthys (ac7de84b6fe6): - Moved sendto_connectnotice, and thus the call to HOOKTYPE_LOCAL_CONNECT, so it gets called after the broadcast of NICK to other servers. [2012-05-02] Bram Matthys (f892b237c7a3): - Fix bug caused by new I/O engine (both with and without USE_POLL): queued data on the receive queue (eg: due to fake lag) was not processed unless we got new data from the client. Now, better document this. Also, avoid calling dbuf_put with 0 length. [2012-05-04] William Pitcock (a4058e167586): - Add support for server-enforced mode locks (MLOCK). This allows the IRCd to enforce MLOCKs that are set by services, which eliminates clashes between users setting modes and services enforcing it's mlock on channels. (#3055) [2012-05-04] Bram Matthys (7788ade137c0): - complete the previous patch (MLOCK).. mostly just bringing it up to date & code-style [2012-05-07] Bram Matthys (766727e05118): - Fixed another SASL crash bug. Always use HookAddEx, not HookAdd! Crash occured after the first quit of a user after a REHASH. Reported by Dave (#4108). [2012-05-07] Bram Matthys (8db85bd24b93): - SASL now needs to be enabled explicitly by setting a set::sasl-server. If this is not set, then SASL is off and not advertised. If the specified server is not connected, then SASL is off as well. This prevents unnecessary delay (and the inability for some clients to get online) when SASL is not in use or when the SASL server is down. [2012-05-07] Bram Matthys (99377f34c7e0): - Changed numeric 307 (RPL_WHOISREGNICK) to 'is identified for this nick', reported by fbi (#3399). [2012-06-24] Bram Matthys (b63fddf45fc4): - Win32 installer (SSL): Uncheck 'create certificate' checkbox when server.cert.pem exists, and check it if the file doesn't exist. You can still change the setting, just the default is correct now. The code for this was already there but was not working correctly causing users to go through the generation process upon each install. [2012-06-24] Bram Matthys (24281ae09d95): - Win32 installer: Latest InnoSetup no longer supports Windows 95/98, so update Minversion to make the .iss compile. [2012-07-10] Bram Matthys (b58dffedc831): - Module coders: added HOOKTYPE_AWAY (sptr, away-reason). [2011-07-13] Nathan Phillip Brink (7d0e77e30087): - Add optional oper::require-modes setting to the oper block. (#4008 by katsklaw) Any attempt to /OPER by someone who doesn't have one of the listed usermodes is rejected. This can be used to restrict oper blocks to registered nicks (+r) or secure clients (SSL, +z). [2012-08-17] Bram Matthys (a6525074d8e2): - Changes for #4008 patch. [2012-08-17] Bram Matthys (7576b3236ff5): - Clarify that hiddenhost-prefix must be the same on linked servers for bans to function properly (#4090, patch from warg, reported in #4043 by maxb). [2012-08-17] Bram Matthys (0658fe34c951): - Add /SILENCE to HTML documentation (reported by Severus_Snape in #4072, patch from warg). [2012-08-17] Bram Matthys (6ffa8616a5a7): - Show "Ping timeout: XYZ seconds" instead of just "Ping timeout". Patch from darkex (#3960). [2012-08-17] Bram Matthys (480e16958832): - a bigger scratch buffer makes me sleep at night ;) [2012-08-17] Bram Matthys (ad28e19ce167): - Install server.*.pem files, patch from katsklaw (#3988). - The ./Config script will now ask whether to generate an SSL certificate when it does not exist (defaults to Yes), instead of always generating one. [2012-08-17] Bram Matthys (69a5c751a677): - Added missing Mod_Header to m_sasl.c [2012-08-17] Bram Matthys (a4f4c0575991): - Remove old reference to networks/ directory from Windows installer [2012-10-06] Bram Matthys (7ea018e931c4): - Disable sending of UHNAMES when HTM (High Traffic Mode) is ON, suggested by driew (#3900). [2012-10-06] Bram Matthys (96339a022355): - Disable sending of UHNAMES when HTM (High Traffic Mode) is ON, suggested by driew (#3900). [2012-10-06] Bram Matthys (3a1f9e484676): - Add 'class' option to allow/deny channel so you can allow/deny users based on their class. Patch from fspijkerman (#4125). [2012-10-14] Bram Matthys (32dca22d7deb): - Use poll() in the remote includes functions when USE_POLL is defined (#4091). [2012-10-14] Bram Matthys (db66aa54c26e): - Fix bug where recursive includes would hang the IRCd, patch from binki with some minor modifications, reported by warg (#3919). [2012-10-14] Bram Matthys (5cf5af0b41cd): - Upgraded to c-ares 1.9.1. Updated configure & other files. [2012-10-15] Bram Matthys (789a093eabec): - various win32 fixes: - Disable USE_POLL on Windows, since it doesn't work with XP and has no advantage anyway. Reported by nenolod (#4129). - Various updates to makefile.win32 and .iss file, found during building new versions of zlib, openssl, and curl. [2012-10-15] Bram Matthys (2680c44b18fe): - Added set::options::disable-cap, which can be used to disable the new CAP support (#4104). [2012-10-15] Bram Matthys (64b3c4006702): - Added auth method 'sslclientcertfp' which provides an alternative method to authenticate users with SSL client certificates based on SHA256 fingerprints. This can be used instead of the already existing 'sslclientcert' so you don't have to use an external file. One way to get the SHA256 fingerprint would be: openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint Suggested and patch supplied by Jobe (#4019). - Added documentation on the new sslclientcertfp - Moved documentation on authentication types to one place and refer to it from each section (oper::password, vhost::password, link::password-receive, etc). [2012-10-16] Bram Matthys (7263bbdde9a0): - Windows: fix MOTD file always showing a date of 1/1/1970, reported by maxarturo (#4102). [2012-10-16] Bram Matthys (59bd63d4ff41): - Added release notes [2012-10-16] Bram Matthys (9fc74a213639): - Update version to 3.2.10-rc1 [2012-10-16] Bram Matthys (f10e4dfce1d8): - Bump version number in all translated docs as well (did not change the 'last update' date, though). [2012-10-16] Bram Matthys (40e659bdebb9): - Removed unreal32docs.es.html (outdated since 2006-12-22), unreal32docs.gr.html (outdated since 2006-12-02), and unreal32docs.nl.html (outdated since 2009-01-18, possibly 2007-07-12). These translations are out of date for many years and are causing problems for the people who are reading this out of date information. If you want to update these translations, or (maybe better) redo the translation of unreal32docs in these languages, then send an e-mail to syzop@unrealircd.com. Note that for all these languages we have had people in the past offering to help out, but in the end we never heard back from them, so please ONLY contact us if you: 1) are serious, and 2) have sufficient time available to work on this project. That said, users in your language will greatly appreciate your work! Of course, if you want to translate documents in any other language then you are welcome to contact us as well. [2012-10-16] Bram Matthys (01bc8508426d): - update e-mail address [2012-10-16] Bram Matthys (b6d52f87746a): - Remove wircd.def, needs to be re-generated almost each build anyway.. [2012-10-16] Bram Matthys (2f07e55a148b): - Added last donator before rc1 [2012-10-17] Bram Matthys (05ea29482ae7): - Added tag unreal3_2_10rc1 for changeset 094646e391e6 [2012-11-04] Bram Matthys (ef3aca597034): - 3.2.10-rc1 release was on 2012-10-17 (public on 2012-10-18) [2012-11-04] Bram Matthys (4bb832cf6710): - Use our own (v)snprintf if not available. [2012-10-27] William Pitcock (311b8fd83aec): - Use a more robust method of learning the server origin for a SASL agent. [2012-11-04] Bram Matthys (a072b107947d): - Use a more robust method of learning the server origin for a SASL agent. Fixes crash reported by Adam. [2012-11-12] Bram Matthys (976aa357fc94): - Argh.. silly Windows symbol crap. [2012-11-23] Bram Matthys (a2a96c43eb07): - Import unreal32docs Spanish translation by Karim Benzema. [2012-11-23] Bram Matthys (3786b24e9d07): - Rename Changes.old to Changes.older - Rename Changes to Changes.old - In the Mercurial repository the Changes file no longer exists (except for a dummy file). You now need to run ./createchangelog to generate it. Of course in official releases the Changes file will be present and contain all details. - From now on, the Changes file is based on the history of the Mercurial repository. This means we no longer have to write text manually to the Changes file. This simple change helps a lot in future development because patches will no longer break when they are being ported from one branch to another. [2012-11-23] Bram Matthys (121fd0b71bc4): - Update ./createchangelog to make it only show changes on default branch. [2012-12-25] Bram Matthys (ecb6a32ed1dd): - Bump version in all source/include/text files [2012-12-25] Bram Matthys (0b1844607f7f): - bump version in docs & Unreal.nfo [2012-12-25] Bram Matthys (89fc21a3afa5): - Update contributors in /INFO [2012-12-25] Bram Matthys (7bf37138e074): - last update of release notes [2012-12-25] Bram Matthys (1c83ceada5c2): - Added tag unreal3_2_10 for changeset 7bf37138e074